1 00:00:00,000 --> 00:00:14,440 This is Hacker Public Radio episode 4,081 from Monday the 25th of March 2024. 2 00:00:14,440 --> 00:00:19,480 Today's show is entitled The Oh No News. 3 00:00:19,480 --> 00:00:22,720 It is part of the series Privacy and Security. 4 00:00:22,720 --> 00:00:28,480 It is the 60th show of Some Guy On The Internet, and is about 12 minutes long. 5 00:00:28,480 --> 00:00:31,120 It carries a clean flag. 6 00:00:31,120 --> 00:00:41,040 The summary is, Scoti gives us some moral panic ridden pearl clutching nonsense. 7 00:00:41,040 --> 00:00:45,280 Hello and welcome to another episode of Hacker Public Radio, I'm your host, Some Guy On 8 00:00:45,280 --> 00:00:46,280 The Internet. 9 00:00:46,280 --> 00:00:49,480 This is The Oh No News, let's get started. 10 00:00:49,480 --> 00:00:54,840 QNAP warns of critical auth bypass flaw in its NAS devices. 11 00:00:54,840 --> 00:00:59,240 All right, ladies and gentlemen, this article is coming from BleepingComputer and the 12 00:00:59,240 --> 00:01:05,880 beloved QNAP, competitor to Synology, you know those little in-house Q-boxes, the beloved 13 00:01:05,880 --> 00:01:07,360 NAS in a box. 14 00:01:07,360 --> 00:01:08,800 Yeah, you know the ones. 15 00:01:08,800 --> 00:01:13,360 What they've got, a little bit of a vulnerability here, is actually three vulnerabilities. 16 00:01:13,360 --> 00:01:22,320 One of them, which is labeled CVE, 2024, 2189, is marked as low complexity and it can 17 00:01:22,320 --> 00:01:24,720 be executed remotely. 18 00:01:24,720 --> 00:01:30,120 So three vulnerabilities in total, one can be executed remotely, the other two just sort 19 00:01:30,120 --> 00:01:31,840 of play off of the first. 20 00:01:31,840 --> 00:01:34,160 I'm not going to go into too much detail with it.
21 00:01:34,160 --> 00:01:40,080 All you need to know is if you have a QNAP device, and they have the models I listed in 22 00:01:40,080 --> 00:01:51,240 the article here, is the QTS models, the QTS 5.1, QTS 4.5 models as well as the QuTS 23 00:01:51,240 --> 00:01:59,480 hero and the QuTScloud models, I believe version 5 and 4.5 are the models that are 24 00:01:59,480 --> 00:02:01,320 affected by this vulnerability. 25 00:02:01,320 --> 00:02:06,360 However, there's a simple fix, they've already patched it, all you have to do is update. 26 00:02:06,360 --> 00:02:10,240 The article also walks you through on how to update from the UI, you know, go to the 27 00:02:10,240 --> 00:02:15,200 control panel, click on systems, firmware update, check for updates, your system should 28 00:02:15,200 --> 00:02:17,640 pull down updates and you'll be good to go. 29 00:02:17,640 --> 00:02:22,920 So if you or a loved one are using QNAP devices, just go ahead and perform an update. 30 00:02:22,920 --> 00:02:26,800 Now the article does go on to tell us a little bit more about a few ransomware groups 31 00:02:26,800 --> 00:02:33,160 that are currently targeting QNAP devices like DeadBolt, Checkmate, and Qlocker. 32 00:02:33,160 --> 00:02:37,400 But like anything that's on the internet, it is an attack surface so you're going to always 33 00:02:37,400 --> 00:02:39,160 want to stay up to date. 34 00:02:39,160 --> 00:02:42,280 Not only that, you're also going to want to back up your data. 35 00:02:42,280 --> 00:02:46,680 Backing up your data is a sure-fire solution to prevent ransomware attacks, or actually it 36 00:02:46,680 --> 00:02:51,240 won't prevent ransomware attacks, but it'll allow you to recover from a ransomware attack. 37 00:02:51,240 --> 00:02:57,160 See, that story was just a nice little warm-up, it was a refreshing cup of tea in comparison 38 00:02:57,160 --> 00:02:58,480 to the next story.
39 00:02:58,480 --> 00:03:07,200 Switzerland: Play ransomware leaked 65,000 government documents. 40 00:03:07,200 --> 00:03:09,160 Can you say yikes? 41 00:03:09,160 --> 00:03:14,600 I know Switzerland likes to take that neutral stance, well, right about now they're going 42 00:03:14,600 --> 00:03:17,440 to have to be firing up a storm. 43 00:03:17,440 --> 00:03:24,560 See, I had to go ahead and do some let-goals 65,000 government documents were leaked. 44 00:03:24,560 --> 00:03:29,360 And it seemed like a lot of files were in Switzerland's Justice Department, so the current 45 00:03:29,360 --> 00:03:35,880 agencies like the Federal Department of Justice, the State Secretary of Migration, Internal 46 00:03:35,880 --> 00:03:41,120 IT Service Center, the Federal Department of Defense, Civil Protection, and Sport. 47 00:03:41,120 --> 00:03:47,600 They even said that around 5,000 of the documents were just flat out personal information. 48 00:03:47,600 --> 00:03:53,200 We're talking about names, email addresses, telephone numbers, and home addresses, along 49 00:03:53,200 --> 00:03:58,040 with the good old technical details, like their classification information. 50 00:03:58,040 --> 00:04:02,880 Oh, and let's forget about, let's definitely not forget about their account passwords, 51 00:04:02,880 --> 00:04:06,040 were also part of that. 52 00:04:06,120 --> 00:04:12,680 And I like the way how in the article, they sort of shrink away like, you know, lean close 53 00:04:12,680 --> 00:04:19,320 to the microphone and whisper, yeah, a small subset of the data that was leaked contains 54 00:04:19,320 --> 00:04:24,200 software and architectural data, along with more passwords. 55 00:04:24,200 --> 00:04:25,200 Yikes. 56 00:04:25,200 --> 00:04:29,880 I can't imagine having to do the presentation for that one, right?
57 00:04:29,880 --> 00:04:34,200 Can you imagine having to put together a PowerPoint and stand in front of a bunch of guys 58 00:04:34,200 --> 00:04:36,800 in the government and explain how this happened? 59 00:04:36,800 --> 00:04:43,000 What, what you see, what happened was those guys over there did it, yeah, it's not my 60 00:04:43,000 --> 00:04:48,120 department, it's the other guys that did it, if you could fire anybody, fire them, I knew 61 00:04:48,120 --> 00:04:49,760 I should have went to work at Google. 62 00:04:49,760 --> 00:04:55,520 I said it'd be a little bit more clear, Xplain is a company that contracts to work with 63 00:04:55,520 --> 00:04:57,120 the Switzerland government. 64 00:04:57,120 --> 00:05:01,760 So if you want to split hairs, you can say it's not actually the government that was 65 00:05:01,760 --> 00:05:07,680 breached, but the company that was contracted to perform these tasks for the government. 66 00:05:07,680 --> 00:05:14,480 Nonetheless, the government employees and government data was still lost due to the attack. 67 00:05:14,480 --> 00:05:18,680 What this goes to show you, Switzerland should have hired me because I could have got 68 00:05:18,680 --> 00:05:24,000 them breached for a quarter of the price they paid Xplain, you understand? 69 00:05:24,000 --> 00:05:27,120 And we would get a lot more jokes out of it as well. 70 00:05:27,120 --> 00:05:29,800 And here's one of the things that I think is kind of funny. 71 00:05:29,800 --> 00:05:36,680 They mentioned that analyzing the leaked data, right, saying that this is legally complicated. 72 00:05:36,680 --> 00:05:38,120 Let's stop and think about it. 73 00:05:38,120 --> 00:05:48,160 It's already broadcasted on the internet for everyone to see, how much more complicated could it 74 00:05:48,160 --> 00:05:49,160 get.
75 00:05:49,160 --> 00:05:56,440 And you know, let's make sure only the appropriate containerized agency departments with only 76 00:05:56,440 --> 00:06:03,480 the specialized individuals in their, in their perfectly positioned cubicles have access 77 00:06:03,480 --> 00:06:08,040 to this documentation that we found on the great wide open. 78 00:06:08,040 --> 00:06:12,080 I don't see any information on how the attack was carried out. 79 00:06:12,080 --> 00:06:18,040 You know, we don't know if this was like a sysadmin hunt or a phishing type of attack or anything 80 00:06:18,040 --> 00:06:20,720 with that information, it's just not present. 81 00:06:20,720 --> 00:06:24,960 And I'm willing to bet it's because somebody used password 1, 2, 3. 82 00:06:24,960 --> 00:06:30,000 I need to be clear, the article did not say that, but I wouldn't put it past them either, 83 00:06:30,000 --> 00:06:31,000 right? 84 00:06:31,000 --> 00:06:36,200 You got one individual somewhere in this investigation that had password 1, 2, 3. 85 00:06:36,200 --> 00:06:42,720 Well, for the Swiss government or Xplain, you got my email, go ahead and contact me. 86 00:06:42,720 --> 00:06:48,120 I can only promise you one thing, that the next time you get breached, at least with me 87 00:06:48,120 --> 00:06:50,720 on board, you'll have a much better time. 88 00:06:50,720 --> 00:06:52,960 We'll throw a breached barbecue. 89 00:06:52,960 --> 00:06:57,840 We'll do it almost like when it was gender reveal parties, except rather than revealing 90 00:06:57,840 --> 00:07:01,840 the gender, we'll be revealing how we got breached, right? 91 00:07:01,840 --> 00:07:07,160 And the name of the person who's at ground zero during the attack, right, whoever was 92 00:07:07,160 --> 00:07:10,360 targeted for the attack, put them on blast. 93 00:07:10,360 --> 00:07:15,400 Can you imagine how hard it would be to get hired after something like that, so we probably 94 00:07:15,400 --> 00:07:16,400 wouldn't do that.
95 00:07:16,400 --> 00:07:17,400 That would be too mean. 96 00:07:17,480 --> 00:07:19,920 You imagine putting, like, okay. 97 00:07:19,920 --> 00:07:26,200 We have determined that the person responsible for the breach was D&T. 98 00:07:26,200 --> 00:07:31,320 If you have any questions concerning the breach, contact D&T. 99 00:07:31,320 --> 00:07:34,360 Ooh, that one was a toughie. 100 00:07:34,360 --> 00:07:37,400 Maybe we should move to something a little bit lighter. 101 00:07:37,400 --> 00:07:40,840 Let's move over to Dark Reading for just a moment. 102 00:07:40,840 --> 00:07:46,640 Spoofed Zoom, Google and Skype meetings spread corporate remote access Trojans. 103 00:07:46,640 --> 00:07:52,760 Now this story brings me back to a time when Microsoft mentioned in the past that they 104 00:07:52,760 --> 00:07:57,800 were going to be making it possible for Android apps to run on Windows. 105 00:07:57,800 --> 00:07:59,200 Does anybody remember that? 106 00:07:59,200 --> 00:08:05,640 Now Windows, which is already just flooded with malware because they have the largest, they 107 00:08:05,640 --> 00:08:08,080 have the largest user population. 108 00:08:08,080 --> 00:08:12,960 The vast majority of the machines you buy out there today come pre-loaded with Windows. 109 00:08:12,960 --> 00:08:14,280 So that's understandable. 110 00:08:14,280 --> 00:08:19,360 I'm not faulting them for having malware, when you have a large user population, obviously 111 00:08:19,360 --> 00:08:21,000 you're going to have more attacks. 112 00:08:21,000 --> 00:08:27,240 But to think that it would be a good idea to allow Android applications knowing that Android 113 00:08:27,240 --> 00:08:32,280 is just, at this point, Android is malware. 114 00:08:32,280 --> 00:08:40,920 You know, it's so bad over an Android market and look, sorry, not sorry Android users out 115 00:08:40,920 --> 00:08:41,920 there.
116 00:08:41,920 --> 00:08:47,600 If you're using like F-Droid or something like that, okay, kudos, I got you, right? 117 00:08:47,600 --> 00:08:52,040 There's Sailfish OS for those of you that can run it, from understanding it didn't 118 00:08:52,040 --> 00:08:56,600 run well here in the US, like no carrier, whatever, I'll let you get out on network with 119 00:08:56,600 --> 00:08:57,600 it or whatever. 120 00:08:57,600 --> 00:09:01,520 I could be mistaken, but that's just what I remember from the last time I heard something 121 00:09:01,520 --> 00:09:02,520 about it. 122 00:09:02,520 --> 00:09:08,680 What were another if you just run a stock Android from whatever vendor, LG, Samsung, whatever. 123 00:09:08,680 --> 00:09:17,000 You gotta know you're dealing with a ton of malware, that you wrap that malware burrito. 124 00:09:17,000 --> 00:09:18,000 You know what I mean? 125 00:09:18,000 --> 00:09:24,840 You got malware flatbread, called Windows, and you sprinkle in a whole bunch of malware 126 00:09:24,840 --> 00:09:27,600 from Google. 127 00:09:27,600 --> 00:09:28,600 It's terrible. 128 00:09:28,600 --> 00:09:31,680 I'm going to give you a little bit of a spoiler alert here. 129 00:09:31,680 --> 00:09:34,040 You should have just used Jitsi, all right? 130 00:09:34,040 --> 00:09:41,520 But in any who, the attacker is basically using fake meetings, luring people in for these 131 00:09:41,520 --> 00:09:42,520 RATs. 132 00:09:42,520 --> 00:09:46,520 And by RAT, I mean remote access Trojan, and you know what? 133 00:09:46,520 --> 00:09:47,520 Not even just Jitsi. 134 00:09:47,520 --> 00:09:49,800 I mean, has anybody heard of Nextcloud recently? 135 00:09:49,800 --> 00:09:51,000 I mean, you know what I mean? 136 00:09:51,000 --> 00:09:56,080 There's so many better ways to do this, and a lot of these meetings, I'm pretty sure 137 00:09:56,080 --> 00:09:58,600 could have just been an email, right? 138 00:09:58,600 --> 00:09:59,600 Am I right?
139 00:09:59,600 --> 00:10:03,080 Where you can get phished like a responsible adult. 140 00:10:03,080 --> 00:10:05,680 Now I love the marketing in this article. 141 00:10:05,680 --> 00:10:10,040 They have a nice little slogan here, click to compromise. 142 00:10:10,040 --> 00:10:11,040 That's a good one. 143 00:10:11,040 --> 00:10:18,080 If only Windows had a repository of software where you could go in the terminal and use 144 00:10:18,080 --> 00:10:25,400 your package manager to pull down software that has been reviewed by, you know, knowing 145 00:10:25,400 --> 00:10:30,640 Windows it'll probably most likely just be Microsoft employees, but, you know, if they 146 00:10:30,640 --> 00:10:36,560 were going to do things in an open manner, you can get more eyes on not just the software 147 00:10:36,560 --> 00:10:39,360 itself, but the code, but we're not going to go there. 148 00:10:39,360 --> 00:10:42,680 Oh, wait, I forgot Microsoft hearts Linux, that's right, I forgot about that. 149 00:10:42,680 --> 00:10:45,200 I mean, they did open source the calculator, right? 150 00:10:45,200 --> 00:10:51,640 But what we do, we do have that fantastic new calculator, just just what we always wanted. 151 00:10:51,640 --> 00:10:57,320 I include this article so that the next time you get invited to a terrible meeting at 152 00:10:57,320 --> 00:10:59,960 work, share this article with your boss. 153 00:11:00,000 --> 00:11:04,800 I don't know, look, I can't go to each of these meetings because it's too dangerous. 154 00:11:04,800 --> 00:11:05,800 It's too dangerous. 155 00:11:05,800 --> 00:11:07,400 I could, I could lose my credentials. 156 00:11:07,400 --> 00:11:13,240 I could get remote access Trojan, especially if you're forced to run Windows as well. 157 00:11:13,240 --> 00:11:14,240 Oh, goodness. 158 00:11:14,240 --> 00:11:18,760 And if you're still using Android, good heavens, shut that thing down and get to some 159 00:11:18,760 --> 00:11:19,760 F-Droid.
160 00:11:19,760 --> 00:11:24,880 Or you can do like the rest of us who, you know, those of us that wear our top hats and 161 00:11:24,880 --> 00:11:31,720 monocles, walk with a cane, we are in our, in our, in our tuxedos, we carry iPhones. 162 00:11:31,720 --> 00:11:35,600 Yeah, we have, we have the blue bubble of sophistication. 163 00:11:35,600 --> 00:11:40,240 Never mind that it's almost impossible for us to do anything with the device and we own 164 00:11:40,240 --> 00:11:43,720 nothing, not even the device itself, never mind any of that. 165 00:11:43,720 --> 00:11:45,400 We got the blue bubbles, okay? 166 00:11:45,400 --> 00:11:48,960 Alrighty, ladies and gentlemen, that's all I got time for today. 167 00:11:48,960 --> 00:11:52,000 I hope you guys enjoyed another episode of The Oh No News. 168 00:11:52,000 --> 00:11:58,000 If you have any questions about any of the pearl clutching panic ridden nonsense we've 169 00:11:58,000 --> 00:12:04,080 broadcast here today on Hacker Public Radio, please contact D&T. 170 00:12:04,080 --> 00:12:08,360 You're welcome to leave a comment, I'm sure it would be much appreciated. 171 00:12:08,360 --> 00:12:13,400 And for those of you that are new to Hacker Public Radio, you can start by just introducing 172 00:12:13,400 --> 00:12:18,960 yourself, letting us know who you are and what sort of hobbies you enjoy. 173 00:12:18,960 --> 00:12:22,760 If you're worried about whether or not we'd be interested in it, I mean, just look at what 174 00:12:22,760 --> 00:12:23,760 I'm doing. 175 00:12:23,760 --> 00:12:26,960 Clearly, it can't be too hard if I'm able to do it, right? 176 00:12:26,960 --> 00:12:29,200 And don't worry about if people like it or not. 177 00:12:29,200 --> 00:12:36,480 I've been doing this for a little while now, and I have not had one single complaint at all, 178 00:12:36,480 --> 00:12:37,480 never. 179 00:12:37,480 --> 00:12:38,920 Oh, wink, wink.
180 00:12:38,920 --> 00:12:43,120 So don't be shy, come on out here, give us a show, and I'll catch you guys in the next 181 00:12:43,120 --> 00:12:44,720 episode of Hacker Public Radio. 182 00:12:44,720 --> 00:12:50,120 Goodbye. 183 00:12:50,120 --> 00:12:54,880 You have been listening to Hacker Public Radio at HackerPublicRadio.org. 184 00:12:54,880 --> 00:12:59,880 Today's show was contributed by an HPR listener like yourself. If you ever thought 185 00:12:59,880 --> 00:13:01,680 of recording a podcast, 186 00:13:01,680 --> 00:13:06,680 click on our contribute link to find out how easy it really is. 187 00:13:06,680 --> 00:13:13,640 Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and 188 00:13:13,640 --> 00:13:14,640 rsync.net. 189 00:13:14,640 --> 00:13:21,120 Unless otherwise stated, today's show is released under a Creative Commons Attribution 190 00:13:21,120 --> 00:13:23,120 4.0 International License.